Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-35464
HistoryJul 22, 2021 - 6:15 p.m.

CVE-2021-35464

2021-07-2218:15:00
CWE-502
[email protected]
web.nvd.nist.gov
1003
In Wild
13
cve-2021-35464
forgerock am server
java deserialization vulnerability
jato.pagesession
remote code execution
nvd
security advisory

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier

Social References

More

Related

zdt 1
metasploit 1
threatpost 1
packetstorm 2
cnvd 1
hackerone 3
prion 1
nessus 2
cisa_kev 1
githubexploit 1
cisa 1
thn 3
nuclei 1
checkpoint_advisories 1
seebug 1
rapid7blog 3
attackerkb 1
exploitdb 1
trellix 2
avleonov 2
ics 1
zdt
zdt
ForgeRock Access Manager / OpenAM 14.6.3 - Remote Code Execution (Unauthenticated) Exploit
2021-07-16 00:00:00
metasploit
metasploit
ForgeRock / OpenAM Jato Java Deserialization
2021-07-02 21:05:39
threatpost
threatpost
Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack
2021-07-12 18:01:46
packetstorm
packetstorm
ForgeRock / OpenAM Jato Java Deserialization
2021-07-13 00:00:00
ForgeRock Access Manager/OpenAM 14.6.3 Remote Code Execution
2021-07-16 00:00:00
cnvd
cnvd
ForgeRock AM code issue vulnerability
2021-06-30 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-07-01 18:21:48
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-06-30 08:58:44
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
2021-06-30 09:11:23
prion
prion
Deserialization of untrusted data
2021-07-22 18:15:00
nessus
nessus
ForgeRock Access Management < 7.0 RCE
2021-07-02 00:00:00
OpenAM RCE (CVE-2021-35464)
2021-07-29 00:00:00
cisa_kev
cisa_kev
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
2021-11-03 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Forgerock Am
2021-07-01 03:51:32
cisa
cisa
Critical ForgeRock Access Management Vulnerability
2021-07-12 00:00:00
thn
thn
Telecom and BPO Companies Under Attack by SIM Swapping Hackers
2022-12-06 11:00:00
Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
2021-07-13 04:48:00
Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
2023-09-21 09:11:00
nuclei
nuclei
ForgeRock OpenAM <7.0 - Remote Code Execution
2021-06-29 11:56:37
checkpoint_advisories
checkpoint_advisories
ForgeRock OpenAM Remote Code Execution (CVE-2021-35464)
2021-07-15 00:00:00
seebug
seebug
ForgeRock AM远程代码执行漏洞(CVE-2021-35464)
2021-07-05 00:00:00
rapid7blog
rapid7blog
ForgeRock Access Manager/OpenAM Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464): What You Need To Know
2021-06-30 15:26:49
Metasploit Wrap-Up
2021-07-16 19:47:06
What's New in InsightVM: Q3 2021 in Review
2021-10-08 13:30:00
attackerkb
attackerkb
Pre-auth RCE in ForgeRock Access Manager (CVE-2021-35464)
2021-07-22 00:00:00
exploitdb
exploitdb
ForgeRock Access Manager 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
2021-07-16 00:00:00
trellix
trellix
Scattered Spider: The Modus Operandi
2023-08-17 00:00:00
Scattered Spider: The Modus Operandi
2023-08-17 00:00:00
avleonov
avleonov
Last Week’s Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape
2021-07-05 15:19:07
Last Week’s Security news: Exploits for ForgeRock, vSphere, Apache Tomcat, new Print Spooler vuln, Kaseya Patch and REvil, SolarWinds, Schneider Electric, Bulletins
2021-07-19 16:29:00
ics
ics
2021 Top Routinely Exploited Vulnerabilities
2022-04-28 12:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON
Related for CVE-2021-35464
zdt1metasploit1threatpost1packetstorm2cnvd1hackerone3prion1nessus2cisa_kev1githubexploit1cisa1thn3nuclei1checkpoint_advisories1seebug1rapid7blog3attackerkb1exploitdb1trellix2avleonov2ics1